Chapter 32
Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Figure 32.1 Common structure of three security protocols
32-1 IPSecurity (IPSec)
IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level.
Topics discussed in this section:
Two Modes
Two Security Protocols
Security Association
Internet Key Exchange (IKE)
Virtual Private Network
Figure 32.2 TCP/IP protocol suite and IPSec
Figure 32.3 Transport mode and tunnel modes of IPSec protocol
Note
IPSec in the transport mode does not protect the IP header; it only protects
Figure 32.9 IKE components
Table 32.2 Addresses for private networks
Figure 32.10 Private network
Figure 32.11 Hybrid network
Figure 32.12 Virtual private network
Figure 32.13 Addressing in a VPN
32-2 SSL/TLS
Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former.
SSL Services
Security Parameters
Sessions and Connections
Four Protocols